Lucene search
K

283 matches found

RedHat Linux
RedHat Linux
added 4 days ago7 views

Important: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

7.4CVSS6AI score0.00394EPSS
Exploits1References2
OSV
OSV
added 5 days ago6 views

ROOT-APP-PYPI-CVE-2026-32597 CVE-2026-32597 in rootio-PyJWT - Patched by Root

Root has patched CVE-2026-32597 in the rootio-PyJWT package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.9AI score0.00269EPSS
Exploits1
OSV
OSV
added 5 days ago8 views

ROOT-APP-PYPI-CVE-2026-48526 CVE-2026-48526 in rootio-pyjwt - Patched by Root

Root has patched CVE-2026-48526 in the rootio-pyjwt package for Root:PyPI. Multiple fixed versions available...

7.4CVSS5.8AI score0.00394EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/07/01 5:32 p.m.4 views

python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys JWK in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...

7.4CVSS5.8AI score0.00394EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

Oracle Linux 9 : fence-agents (ELSA-2026-19355)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19355 advisory. - bundled PyJWT: upgrade to v2.13.0 to fix CVE-2026-48526 Resolves: RHEL-182313 - bundled pyasn1: fix CVE-2026-30922 Resolves: RHEL-157202 - bundled...

8.2CVSS6.8AI score0.0058EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

SUSE SLED15 / SLES15 Security Update : python-PyJWT (SUSE-SU-2026:2627-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2627-1 advisory. This update for python-PyJWT fixes the following issues - CVE-2026-48522: PyJWKClient passes URI arguments...

7.4CVSS5.9AI score0.00394EPSS
Exploits4References13
OSV
OSV
added 2026/06/25 8:13 a.m.2 views

SUSE-SU-2026:2627-1 Security update for python-PyJWT

This update for python-PyJWT fixes the following issues - CVE-2026-48522: PyJWKClient passes URI arguments directly to urllib.request.urlopen and allows for SSRF and token forgery bsc1266798. - CVE-2026-48523: verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are...

7.4CVSS5.8AI score0.00394EPSS
Exploits4References9
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.7 views

Oracle Linux 9 : fence-agents (ELSA-2026-26206)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-26206 advisory. - bundled PyJWT: upgrade to v2.13.0 to fix CVE-2026-48526 Resolves: RHEL-182313 - bundled pyasn1: fix CVE-2026-30922 Resolves: RHEL-157202 - bundled...

8.2CVSS7.3AI score0.0058EPSS
Exploits2References2
OSV
OSV
added 2026/06/19 5:44 a.m.2 views

SUSE-SU-2026:22220-1 Security update for python-PyJWT

This update for python-PyJWT fixes the following issues - CVE-2026-48522: PyJWKClient passes URI arguments directly to urllib.request.urlopen and allows for SSRF and token forgery bsc1266798. - CVE-2026-48523: verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are...

7.4CVSS5.8AI score0.00394EPSS
Exploits4References11
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 6:22 a.m.5 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by insufficient verification of data authenticity in PyJWT

Summary IBM Cloud Pak for Data System CPDS 1.0 uses the PyJWT library, a JSON Web Token implementation in Python. CVE-2026-32597 affects PyJWT's validation of the crit Critical Header Parameter as defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT do...

7.5CVSS5.4AI score0.00269EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.8 views

RHEL 9 : fence-agents (RHSA-2026:26206)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26206 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable...

7.4CVSS5.4AI score0.00394EPSS
Exploits1References4
OSV
OSV
added 2026/06/15 7:29 p.m.3 views

GHSA-W7VC-732C-9M39 PyJWT: Unauthenticated DoS via unbounded Base64URL decoding of unused payload segment in b64=false detached JWS

!NOTE Practical impact depends on whether request body-size limits are enforced upstream proxy/web-server/framework. Deployments with typical body-size caps ≤2 MB bound the amplifier significantly; deployments accepting larger token inputs are more exposed. When verifying detached JWS tokens usin...

5.3CVSS5.6AI score0.00288EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/06/15 7:29 p.m.47 views

PyJWT: Unauthenticated DoS via unbounded Base64URL decoding of unused payload segment in b64=false detached JWS

!NOTE Practical impact depends on whether request body-size limits are enforced upstream proxy/web-server/framework. Deployments with typical body-size caps ≤2 MB bound the amplifier significantly; deployments accepting larger token inputs are more exposed. When verifying detached JWS tokens usin...

5.3CVSS5.5AI score0.00288EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 7:27 p.m.11 views

PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys

!NOTE Scored assuming a deployment where algorithm policy functions as an authentication/authorization boundary. In deployments where the algorithm policy enforces crypto agility only, the practical confidentiality impact is lower and the issue is closer to an integrity-of-policy-enforcement bug...

5.4CVSS5.5AI score0.00127EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/06/15 7:27 p.m.6 views

GHSA-JQ35-7PRP-9V3F PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys

!NOTE Scored assuming a deployment where algorithm policy functions as an authentication/authorization boundary. In deployments where the algorithm policy enforces crypto agility only, the practical confidentiality impact is lower and the issue is closer to an integrity-of-policy-enforcement bug...

5.4CVSS5.5AI score0.00127EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/06/15 2:41 a.m.11 views

Important: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

7.4CVSS5.4AI score0.00394EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.13 views

RHEL 9 : fence-agents (RHSA-2026:22330)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22330 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

8.2CVSS6.9AI score0.00341EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.13 views

RockyLinux 10 : fence-agents (RLSA-2026:19138)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19138 advisory. pyjwt: PyJWT accepts unknown crit header extensions RFC 7515 ?4.1.11 MUST violation CVE-2026-32597 pyasn1: pyasn1 Vulnerable to Denial of Service via...

7.5CVSS6.6AI score0.0058EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2026/06/04 10:17 p.m.10 views

CVE-2026-48523

A flaw was found in PyJWT, a Python library for handling JSON Web Tokens JWT. An attacker with control over a registered JSON Web Key JWK private key can bypass security checks by signing a token with a forbidden algorithm while claiming to use an allowed one. This allows the attacker to have the...

5.4CVSS5.6AI score0.00127EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/04 10:17 p.m.7 views

CVE-2026-48525

A flaw was found in PyJWT. A remote attacker can exploit this by supplying an arbitrarily large Base64URL payload segment when verifying detached JSON Web Signature JWS tokens using the unencoded-payload option. This forces excessive CPU work and memory allocations, leading to a Denial of Service...

5.3CVSS5.7AI score0.00288EPSS
Exploits1References4
Rows per page
Query Builder